CVE-2026-57867

Authentication Bypass via OTP Abuse in Camel Aissani’s MicroRealEstate

Discovered by Jake Cleland on behalf of The Missing Link Security

Vulnerability Details

MicroRealEstate allows adversaries to bypass authentication due to a lack of token state management. This would permit adversaries targeting MicroRealEstate deployments to brute-force One-Time Passwords (OTP) to log in as any user.

Affected Versions

Affected Versions:
1.0.0-alpha3 and prior

Fixed Versions

Fixed Versions:

N/A

Latest News